← Back

CVE-2019-15962

nvd nist
Published: Oct 16, 2019Modified: Nov 21, 2024

JSON object

Loading...
4.4
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 0.8 / Impact: 3.6
Source: NVD

Description

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.

Affected (5)

Cisco
1 product
Telepresence Collaboration Endpoint
Configuration A
5 vulnerable · 13 platform
Vulnerable SoftwareAffected Versions
Cisco
Telepresence Collaboration Endpoint
Version 7.3.18
Telepresence Collaboration Endpoint
Version 8.3.7
Telepresence Collaboration Endpoint
Version 9.6.4
Telepresence Collaboration Endpoint
Version 9.7.2
Telepresence Collaboration Endpoint
Version 9.8.0
Running on/withPlatform Versions
Cisco
Webex Board 55
All versions
Cisco
Webex Board 55s
All versions
Cisco
Webex Board 70
All versions
Cisco
Webex Board 70s
All versions
Cisco
Webex Board 85s
All versions
Cisco
Webex Room 55
All versions
Cisco
Webex Room 55 Dual
All versions
Cisco
Webex Room 70 Dual
All versions
Cisco
Webex Room 70 Dual G2
All versions
Cisco
Webex Room 70 Single
All versions
Cisco
Webex Room 70 Single G2
All versions
Cisco
Webex Room Kit
All versions
Cisco
Webex Room Kit Mini
All versions

Related CWEs

CWE-275
CWE-275
CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.